Amendments to the Claims: 



This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

1. (currently amended) A method for automatically directing network connections based on 
access rights possessed by a user of a wireless terminal, the method comprising: 

receiving a certificate, having security information indicative of the access rights 
possessed by the user, from the wireless terminal; 

determining whether the received certificate corresponds to a service provider 
authentication certificate which identifies access rights for a targeted service; 

directing the network connection to the targeted service if the received certificate 
corresponds to the service provider authentication certificate; and 

directing the network connection to an enrollment module to register for the service 
provider authentication certificate using a user identity and a private key, if the received 
certificate does not correspond to the service provider authentication certificate. 

2. (original) The method of Claim 1, further comprising providing a list of one or more 
available predetermined certificates to the wireless terminal. 

3. (original) The method of Claim 2, further comprising providing the list of available 
predetermined certificates to the wireless terminal in a predetermined order in which 
selection at the wireless terminal is to be effected. 

4. (original) The method of Claim 3, further comprising selecting, at the wireless terminal, 
a locally-stored certificate corresponding to the highest order predetermined certificate that 
matches the locally-stored certificate. 

5. (original) The method of Claim 4, further comprising establishing the network 
connection using the selected locally-stored certificate, wherein the selected certificate is the 
certificate received from the wireless terminal having security information indicative of the 
access rights possessed by the user. 



6. (original) The method of Claim 3, further comprising allowing the wireless terminal to 
establish the network connection utilizing a locally-stored certificate corresponding to the 
predetermined certificate that is highest in the predetermined order that matches the locally- 
stored certificate. 

7. (original) The method of Claim 1, wherein receiving a certificate comprises receiving 
the certificate via a client certificate message issued by the wireless terminal. 

8. (original) The method of Claim 1, further comprising enrolling the user with the 
targeted service via the enrollment module when the network connection is directed to the 
enrollment module. 

9. (original) The method of Claim 8, further comprising providing the service provider 
authentication certificate back to the wireless terminal in response to enrolling the user with 
the targeted service. 

10. (original) The method of Claim 1, wherein the access rights possessed by the user are 
stored as local certificates on a Wireless Identity Module (WIM). 

11. (original) The method of Claim 1, further comprising supplying the wireless terminal 
with a list of available authentication certificates from which the wireless terminal may use to 
establish the connection. 

12. (original) The method of Claim 11, further comprising supplying the wireless terminal 
with the list of available authentication certificates in a preferred order from which the 
wireless terminal must utilize a highest preference authentication certificate possessed at the 
wireless terminal in establishing the connection. 

13. (original) The method of Claim 12, wherein the highest preference authentication 
certificate listed is the service provider authentication certificate. 

14. (original) The method of Claim 11, wherein determining whether the received certificate 
corresponds to a service provider authentication certificate comprises comparing the received 
certificate to the list of available authentication certificates. 

15. (original) The method of Claim 1, wherein determining whether the received certificate 
corresponds to a service provider authentication certificate comprises comparing the received 
certificate to the service provider authentication certificate. 

16. (currently amended) A system for managing access and enrollment for a secure service 
available to a user via a wireless terminal, comprising: 

a service module from which a service provider avails the secure service to the user 
of the wireless terminal; 

an enrollment manager to effect user registration to the secure service using a user 
identity and a private key; and 

a switch module coupled to receive a security certificate utilized by the wireless 
terminal in establishing a connection therewith, wherein the switch module directs the 
connection to either the service module or the enrollment manager depending on the security 
certificate utilized in establishing the connection. 

17. (original) The system as in Claim 16, wherein the switch module determines which 
security certificate is utilized in establishing the connection, and directs the connection to 
either the service module or the enrollment manager depending on the utilized security 
certificate. 

18. (original) The system as in Claim 17, wherein the security certificate is digitally signed 
by the service provider indicating that the user is registered with the service provider for use 
of the secure service, thereby directing the connection to the service module. 

19. (original) The system as in Claim 17, wherein the security certificate is not digitally 
signed by the service provider, indicating that the user is not registered with the service 
provider for use of the secure service, thereby directing the connection to the enrollment 
manager. 

20. (original) The system as in Claim 17, wherein the security certificate is digitally signed 
by a trusted authority that is trusted by the service provider, indicating that the user may 
obtain registration through the trusted authority, thereby directing the connection to the 
enrollment manager. 

21. (original) The system as in Claim 16, wherein the security certificate comprises an 
authentication certificate. 

22. (original) The system as in Claim 21, wherein the authentication certificate comprises at 
least one of an identity verification authentication certificate, an authorization certificate, and 
a non-repudiation certificate. 

23. (original) The system as in Claim 16, wherein the switch module comprises a list of 
potential authentication certificates listed in a preferred order of use, and wherein the switch 
module provides the list of potential authentication certificates to the wireless terminal to 
allow the wireless terminal to establish the connection using a highest order authentication 
certificate in accordance with the preferred order of use. 

24. (original) The system as in Claim 23, wherein the switch comprises a compare module 
to compare at least one of the predetermined authentication certificates to the authentication 
certificate used by the wireless terminal. 

25. (original) The system as in Claim 24, wherein: 

(a) the compare module compares a service provider's authentication certificate to the 
authentication certificate used by the wireless terminal in establishing the connection; 

(b) if a match is found, the switch module directs the user to the service module to use 
the secure service; and 

(c) if a match is not found, the switch module directs the user to the enrollment 
manager to effect user registration to the secure service. 

26. (original) The system as in Claim 24, wherein: 

(a) the compare module compares each of the predetermined authentication 
certificates to the authentication certificate used by the wireless terminal; and 

(b) the switch module directs the user to the service module or the enrollment 
manager depending on the results of the comparison. 

27. (original) The system as in Claim 16, wherein the enrollment manager is configured to 
issue authentication certificates upon successful registration, including the service provider 
authentication certificate required for use with the secure service. 

28. (currently amended) A system for managing user access and enrollment for a secure 
service available on a network, comprising: 

a wireless network including a plurality of wireless terminals operable therein; 

a network of computing systems wherein at least one of the computing systems 
comprises a server computing system hosting a secure service targeted by at least one of the 
wireless terminals, and wherein at least one of the computing systems comprises an 
enrollment server to effect user registration to the secure service using a user identity and a 
private key; 

a gateway computing system configured to bridge communications between the 
wireless network and the network of computing systems; and 

a network switch coupled to receive an authentication certificate utilized by a wireless 
terminal in establishing a connection with the network of computing systems, wherein the 
network switch switches the connection to the server computing system or the enrollment 
server depending on the authentication certificate utilized by the wireless terminal in 
establishing the connection. 

29. (original) The system as in Claim 28, wherein the gateway computing system comprises 
a Wireless Application Protocol (WAP) gateway, and at least the wireless terminal 
establishing the connection with the network of computing systems comprises a WAP- 
compliant terminal. 

30. (original) The system as in Claim 29, wherein the WAP-compliant terminal comprises 
one of a wireless telephone, personal digital assistant, wireless pager, and wireless laptop 
computer. 

31. (original) The system as in Claim 28, wherein the network of computing systems 
comprises the Internet, and wherein the Wireless Application Protocol (WAP) is used to 
communicate between the wireless terminal and the Internet. 

32. (currently amended) A system for automatically routing network connections based on 
access rights possessed by a user of a wireless terminal, comprising: 

means for receiving a certificate, having security information indicative of the access 
rights possessed by the user, from the wireless terminal; 

means for determining whether the received certificate corresponds to a service 
provider authentication certificate which identifies access rights for a targeted service; and 

means for directing the network connection to the targeted service if the received 
certificate corresponds to the service provider authentication certificate, and for directing the 
network connection to an enrollment module to register for the service provider 
authentication certificate using a user identity and a private key if the received certificate 
does not correspond to the service provider authentication certificate. 

33. (currently amended) A computer-readable program storage medium tangibly 
embodying a program of instructions executable by a computing system to manage user 
access and enrollment for secure network services by performing steps comprising: 

receiving a certificate, having security information indicative of the access rights 
possessed by the user, from the wireless terminal; 

determining whether the received certificate corresponds to a service provider 
authentication certificate which identifies access rights for a targeted service; 

directing the network connection to the targeted service if the received certificate 
corresponds to the service provider authentication certificate; and 

directing the network connection to an enrollment module to register for the service 
provider authentication certificate using a user identity and a private key, if the received 
certificate does not correspond to the service provider authentication certificate. 

34. (new) A network switching module operable in a network for facilitating the 
management of access and enrollment to at least one secure service available to a user of a 
wireless terminal, the network switching module comprising: 

an authentication certificate identification module configured to store a 
plurality of authentication certificates associated with the secure service, and to deliver the 
plurality of authentication certificates to the wireless terminal with a preferred order 
indication identifying a preferred order of use for connecting to the secure service; and 

a compare module coupled to receive an authentication certificate from the 
wireless terminal corresponding to the highest order authentication certificate available at 
the wireless terminal based on the preferred order indication, wherein the compare module 
is configured to compare the received authentication certificate with the plurality of 
authentication certificates and to direct the connection to either the secure service or an 
enrollment manager to register for the secure service using a user identity and a private key 
based on the result of the comparison. 

35. (new) The network switching module as in Claim 34, wherein the compare module is 
configured to direct the connection to the secure service if the result of the comparison 
indicates that the received authentication certificate is of sufficiently high order to access 
the secure service. 

36. (new) The network switching module as in Claim 34, wherein the compare module is 
configured to direct the connection to the enrollment manager to effect user registration to 
the secure service if the result of the comparison indicates the received authentication 
certificate is not of sufficiently high order to access the secure service. 